Finding Large Bounties with Large Language Models - Nico Waisman - ASW #351
The episode discusses software vulnerabilities and the use of large language models (LLMs) in code generation and vulnerability detection. Nico Waisman describes XBOW's LLM-based penetration testing and its results on a bug bounty leaderboard, and discusses feedback loops and how hallucinations are handled. The news segment covers using LLMs to find vulnerabilities, a directory traversal issue, a learning resource for cloud and AI security, and spreadsheets in appsec. 2025-10-07 09:00:00 Author: sites.libsyn.com

Oct 7, 2025

Software has forever had flaws and humans have forever been finding and fixing them. With LLMs generating code, appsec has also been trying to determine how well LLMs can find flaws. Nico Waisman talks about XBOW's LLM-based pentesting, how it climbed a bug bounty leaderboard, how it uses feedback loops for better pentests, and how they handle (and even welcome!) hallucinations.

In the news, using LLMs to find flaws, directory traversal in an MCP, another resource for learning cloud and AI security, spreadsheets and appsec, and more!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-351


Source: http://sites.libsyn.com/18678/finding-large-bounties-with-large-language-models-nico-waisman-asw-351